docs: add TODOs

adiffpirate · adiffpirate · commit c052cfdb0dd1 · 2026-04-23T11:48:28.000-03:00
diff --git a/README.md b/README.md
@@ -16,7 +16,13 @@ Alembic for migrations, and SQLite for fast unit tests.
 │   ├── db/
 │   │   └── session.py
 │   └── modules/
-│       └── orders/
+│       ├── orders/
+│       │   ├── models.py
+│       │   ├── schemas.py
+│       │   ├── repository.py
+│       │   ├── service.py
+│       │   └── routes.py
+│       └── users/
 │           ├── models.py
 │           ├── schemas.py
 │           ├── repository.py
diff --git a/app/modules/orders/routes.py b/app/modules/orders/routes.py
@@ -6,6 +6,7 @@
 
 router = APIRouter()
 
+# TODO: Require user authentication when calling these paths
 
 @router.post("/", response_model=schemas.OrderRead)
 def create_order(payload: schemas.OrderCreate, db: Session = Depends(get_db)):
diff --git a/app/modules/users/repository.py b/app/modules/users/repository.py
@@ -5,6 +5,8 @@
 
 
 def create_user(db: Session, username: str, password: str):
+    # TODO: Add password strength check, should be long (20+ chars) OR complex (with uppercase, lowercase, numbers and symbols)
+
     # Hash the password with bcrypt
     # bcrypt has a 72-byte limit, so we'll hash long passwords with SHA-256 first
     if len(password) > 72:
@@ -37,4 +39,4 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
         plain_password = hashlib.sha256(plain_password.encode()).hexdigest()
 
     # Verify password
-    return bcrypt.checkpw(plain_password.encode('utf-8'), hashed_password.encode('utf-8'))
+    return bcrypt.checkpw(plain_password.encode('utf-8'), hashed_password.encode('utf-8'))
diff --git a/app/modules/users/service.py b/app/modules/users/service.py
@@ -2,6 +2,7 @@
 from . import repository, schemas
 from fastapi import HTTPException, status
 
+# TODO: Evaluate if the logic to check for user existance should actually be here
 
 def create_user(db: Session, username: str, password: str):
     # Check if user already exists
@@ -28,4 +29,4 @@ def authenticate_user(db: Session, username: str, password: str):
             headers={"WWW-Authenticate": "Bearer"},
         )
 
-    return user
+    return user
diff --git a/tests/unit/test_users.py b/tests/unit/test_users.py
@@ -3,6 +3,7 @@
 from app.modules.users.repository import create_user, get_user_by_username, verify_password
 from app.modules.users.service import authenticate_user
 
+# TODO: Create test to check if long passwords with 50 chars works just fine
 
 def test_create_user(db: Session):
     # Test creating a new user
@@ -11,6 +12,7 @@ def test_create_user(db: Session):
     assert user.username == "testuser"
     assert user.id is not None
 
+    # TODO: Move hashing verification into its own test
     # Test that password was hashed
     assert user.hashed_password != "password123"
 
@@ -59,4 +61,4 @@ def test_authenticate_user_success(db: Session):
 def test_authenticate_user_failure(db: Session):
     # Try to authenticate with wrong password - should fail
     with pytest.raises(Exception):  # Will be HTTPException in service layer
-        authenticate_user(db, "nonexistent", "wrongpassword")
+        authenticate_user(db, "nonexistent", "wrongpassword")
